Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content
  • BW5.X - Security - How to use HTTP Basic Authentication in BusinessWorks 5.X


    It is possible to use HTTP Basic Authentication in BusinessWorks 5.X while acting both as an HTTP server and an HTTP client.

    Basic Authentication in an HTTP Server application

    When using Basic Authentication in a BusinessWorks 5.X application acting as an HTTP server the identity referential that is used by BusinessWorks is the Domain where the application is running, in other words the user / password credentials presented by client applications are verified by the BusinessWorks server application against the Domain users.

    Domain users are managed with TIBCO Administrator in the ‘User Management -> Users’ tab.

    1*EoVAXrOB2B-Bt_S5FG-aBg.png

    Users can be created from that tab or synchronized from an LDAP server (generally the Enterprise Active Directory server).

    To enable Basic Authentication in an HTTP Receiver activity you just need to check the ‘HTTP Authentication’ option in the Configuration tab of the activity, it is also recommended to check the ‘Expose Security Context’ option (see explanations at the end of the article):

    1*3euCj2zk9RCuSL5XP4cBYw.png

    Basic Authentication in an HTTP client application

    You first have to create an Identity resource of type User / Password and set the user name and the corresponding password :

    1*xN19ifG3LAL_z51vrt_m0A.png

    Then you have to configure the ‘Send HTTP Request’ activity to use basic authentication and the credentials set in the Identity resource.

    1*qPAoYv0Hi1kxp_s27bUUSw.png

    To change the credentials (user name and password) dynamically at runtime you can take the approach to create the ‘Authorization’ header by yourself in the Input mapping of the activity, the header value can be created using an XPATH similar to the one below:

    concat(“Basic “,tib:string-to-base64(concat($_globalVariables/ns:GlobalVariables/BasicAuth/User,”:”, “MyPass”)))

    1*iAsRRpCyUUNkUYNaQ3aEqA.png

    Testing a client application in Designer

    To be able to test an application using Basic Authentication in an HTTP client activity you need to do the following:

    1) Copy the <TRA_Home>/domain/<domain_name>/AuthorizationDomain.properties from the target domain to <TIBCO_HOME>/tra/5.x on local machine.

    2) Make sure the file <TIBCO_HOME>/tra/domain/DomainHomes.propertise exists. If not, copy it from the target domain to local machine.

    More details are available in the following TIBCO KB article:

    https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-39055

    An important thing to keep in mind

    When multiple applications are exposing multiple end points using Basic Authentication to filter client calls any authenticated user in the target Domain can access all the endpoints.

    It is then recommended to check in each BusinessWorks server application that the user is authorized to access the managed endpoints, in other words authorizations have to be managed in the logic of the BusinessWorks applications.

    When checking the ‘Expose Security Context’ option the user name is available in the Output of the ‘HTTP Receiver’ activity:

    1*mj1SQqC_QzcxT5r8GXlnZQ.png

    Using Basic Authentication in Postman

    It is possible to test Basic authentication from Postman using the Authorization tab with Type ‘Basic Auth’:

    1*ZLa-pyo-b4OjkGYnBKFR8Q.png

    Using Basic Authentication with SOAP server and client applications

    The elements above apply to Inbound and Outbound Security Policies that can be used to secure SOAP End Points exposition (SOAP Server) and SOAP calls (SOAP Client).

     

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...